Jon Dimaggio

Jon Dimaggio Email and Phone Number

Published Author and Chief Security Strategist at Analyst1 (Author of SANS Difference Maker Award Book of the Year 2022 AND 2023!) Author of the Ransomware Diaries, DEFCON speaker and featured on 60 Minutes. @ Analyst1
Jon Dimaggio's Location
Tampa, Florida, United States

About Jon Dimaggio

Jon DiMaggio is the chief security strategist at Analyst1 and has over 15 years of experience hunting, researching, and writing about advanced cyber threats. He is a specialist in enterprise ransomware attacks and nation-state intrusions, with work such as the SANS-winning research series Ransomware Diaries, in addition to “Ransom Mafia: Analysis of the World’s first Ransomware Cartel” and a “History of REvil”. Jon is most known for his two-year undercover operation to infiltrate the LockBit ransomware gang. He has aided law enforcement agencies in federal indictments of nation-state attacks and discussed his work with CBS 60 Minutes, The New York Times, Bloomberg, Fox, CNN, Reuters, the Guardian and Wired. You can find Jon speaking about his research at conferences such as RSA. Additionally, in 2022, Jon authored the book “The Art of Cyberwarfare: An Investigator's Guide to Espionage, Ransomware, and Organized Cybercrime”, published by No Starch Press, and was awarded the SANS Difference Makers Award in both 2022 and 2023 for his book and the Ransomware Diaries series.

Jon Dimaggio's Current Company Details
Analyst1
Jon Dimaggio Work Experience Details
  • Analyst1
    Chief Security Strategist
    Analyst1 Nov 2020 - Present
    Reston, Virginia, US
    - Lead researcher and writer at Analyst1
    - Plan, lead and engage in CTI and HUMINT based engagements against ransomware threat actors
    - Responsible for all Analyst1 dark web research (SME in TA undercover operations)
    - Conduct thought leadership through speaking engagements, TV appearances, media interviews and podcasts
  • Symantec
    Sr. Threat Intelligence Analyst
    Symantec Oct 2014 - Nov 2020
    San Jose, California, US
    - Provide leadership and direction to customers and senior leaders in both strategic and tactical response to advanced cyber threats
    - Lead and manage threat investigations from start to finish
    - Coordinate/manage reverse engineering requirements for threat research
    - Provide oversight and ensure analysts present proper analysis and clear messaging within customer reporting
    - Provide narration of findings and communicate at the appropriate level (tell the story) to senior leaders, technical analysts, media reporters and the general public
    - Provide direction and act as the public facing leader of Symantec’s Attack Investigation Team
    - Collaborate with industry partners
    - Brief customers and advise decision makers on cyber threats
    - Profile threat actors
    - Identify and document both unique technical and human behaviors to build a digital fingerprint used to identify threat actors
  • Opcentric
    Senior Cyber Threat Intelligence Analyst
    Opcentric May 2013 - Oct 2014
    - Advise customer and senior leadership on Advanced Persistent Threat (APT) activity
    - Provide consulting services to hunt, track and report on cyber threat actors
    - Provide advice to analysts and leadership as a SME on advanced threats
    - Attend and present at Intelligence Community meetings and conferences
    - Advise decision makers and analysts on how to prepare and react to various cyber threats
    - Produce in-depth analytical product reports on cyber threat actors and activity in specific industries relevant to my customer
    - Created product reports on emerging threats
    - Provide Open Source Intelligence (OSINT) analysis and written report products on emerging threat activity based on CND indicators, malware and personas
    - Create threat activity diagrams of advanced threat activity against various cyber targets identified through OSINT research
    - Track Advanced Persistent Threats (APT) and identify new TTPs and infrastructure
    - Senior member on commercial threat intelligence assessments providing intel on APT threats and identifying advanced threats vs. crimeware and other lesser threat activity
    - Modeling attack activity with threat modeling software
    - Attributing threat activity to specific advanced threat groups
    - Reviewing malware and performing dynamic analysis to extract indicators and infrastructure information
  • General Dynamics Information Technology
    Senior Fusion Analyst
    General Dynamics Information Technology Sep 2011 - May 2013
    - Discover, attribute, and identify state sponsored cyber threats (track, trend and use predictive analysis based off targeting and past TTPs)
    - Identify Tactics, Techniques, and Procedures of Advanced Persistent Threat (APT) to include infrastructure, tools, phishing emails and malware
    - Document TTP changes and trends of cyber threats
    - Identify targeting lists used by threat actors (public websites, group membership lists, conference lists, contract announcements and other sources used for targeting)
    - Find trends and common relationships (job, program, professional membership, common technology, common locations and companies) in recipients targeted by APT to identify targeting (better view of big picture / strategic as opposed to tactical)
    - Create, edit, and review written reports detailing state sponsored cyber events
    - Create presentations and brief senior Government and contract personnel
    - Analyze raw data such as PCAP, True Detect sensor logs, and email headers (MIME and SMTP) to identify malicious traffic
    - Identify originating IP addresses used to send phishing emails (mail relays are often used to hide the true sending IP) and track for trends in APT infrastructure and identify IP origins (location, registrant, ASN, etc.)
    - Conduct Splunk queries, monitor ArcSight channels (create rules and filters) via the ArcSight Enterprise Security Manager
    - Submit incident reports to multiple government agencies and collaborate and share information with CDC partners
    - Participate in technical forums and exchanges regarding state sponsored actors
    - Conduct basic malware analysis (dynamic) using tools such as CaptureBat, WireShark, Sysinternals and other dynamic analysis tools
    - Identify files dropped, Remote Access Tools (PIVY, SharK Rat, and other custom Rats) used by threat campaigns
    - Identify unique attributes in backdoors used by threat actors and provide indicators to defenders
  • Oberon Associates
    Sigint Intelligence Specialist (Cyber)
    Oberon Associates Jun 2009 - Aug 2011
    US
    - Cyber SIGINT Analyst, reporting to senior management
    - Serves as a Signals Intelligence (SIGINT) Analyst technical lead for Support to Computer Network Operations
    - Produce written SIGINT product reports to assess developments, trends, and threats
    - Coordinate and facilitate technical developments to support the ability to conduct research with SIGINT support entities
    - Manage, lead, and develop SIGINT analytic efforts in support of computer network operations
    - Direct/lead SIGINT analytic effort to support and produce intelligence reports and products
    - Serve as subject matter expert on SIGINT targets and support senior management in briefing and attending high level multi-agency meetings
    - Execute and utilize management functions to perform SIGINT research and analysis for the development of products
    - Support National Systems and agencies in support of intelligence requirements and reporting criteria
    - Knowledge in the Defense and National Agency operations, mission, policy, structure and doctrine as well as the utilization of National Systems and agencies in support of intelligence requirements
  • Northrop Grumman
    Vulnerability Assessment Program Team Lead
    Northrop Grumman Jul 2007 - May 2009
    Falls Church, VA, US
    - Senior Computer Network Operations (CNO) Cyber Threat Lead
    - Direct and lead Vulnerability Assessments on Information Systems DoD and Intelligence agency networks in support of National Agency operations
    - Assess classified and unclassified networks and systems within the US Cryptologic System and used to produce US Intelligence Directives, against cyber vulnerabilities and threats
    - Write detailed product reports and brief Government customers within the Army, Air Force as well as Defense and National Agencies
    - Manage and lead and create policy protect database retrieval systems used to process intelligence data and provide intelligence support to the warfighter
    - Coordinate large scale assessments with government agencies. Mitigate problems, concerns and bureaucracy involved in assessing another agency's networks
  • Booz Allen Hamilton
    Senior Consultant - Network Security Engineer / Team Lead
    Booz Allen Hamilton Sep 2005 - Jul 2007
    McLean, VA, US
    Advisor to government clients for multiple IT security programs. Design and Develop Secure networks.
  • Northrop Grumman
    Network Security Engineer
    Northrop Grumman Dec 2004 - Sep 2005
    Falls Church, VA, US
    Lead multiple network design initiatives, and opportunities to expand the capabilities of my clients' infrastructure to bring new services such as DODIIS Trusted Workstations (DTW), VoIP services, and the expansion of various classified networks.

Jon Dimaggio Skills

Computer Security, Vulnerability Assessment, Information Assurance, Information Security, Network Security, Security, Intelligence, DoD, Malware Analysis, Intrusion Detection, Defense, CISSP, Government, CompTIA Security+, Computer Forensics, TCP/IP, IDS, National Security, Routers, Cisco Routers, Network Design, Vulnerability Management, Cisco Technologies, CompTIA Security, NIST, Technical Consultation

Jon Dimaggio Education Details

  • Strayer University
    Computer And Information Systems Security/Information Assurance
  • Woodbridge Senior High School

Frequently Asked Questions about Jon Dimaggio

What company does Jon Dimaggio work for?

Jon Dimaggio works for Analyst1

What is Jon Dimaggio's role at the current company?

Jon Dimaggio's current role is Published Author and Chief Security Strategist at Analyst1 (Author of SANS Difference Maker Award Book of the Year 2022 AND 2023!) Author of the Ransomware Diaries, DEFCON speaker and featured on 60 Minutes.

What is Jon Dimaggio's email address?

Jon Dimaggio's email address is jo****@****ail.com

What is Jon Dimaggio's direct phone number?

Jon Dimaggio's direct phone number is +165052*****

What schools did Jon Dimaggio attend?

Jon Dimaggio attended Strayer University, Woodbridge Senior High School.

What skills is Jon Dimaggio known for?

Jon Dimaggio has skills like Computer Security, Vulnerability Assessment, Information Assurance, Information Security, Network Security, Security, Intelligence, DoD, Malware Analysis, Intrusion Detection, Defense, CISSP.
